Cybercriminals Using Coronavirus Scare to Spread Malware

With all the news around COVID-19/Coronavirus, the average person is turning to the internet for real-time advice and updates about the pandemic. With the increase in web traffic, cybercriminals are taking advantage of the scare to catch people with their guard down. By creating emails and websites that mirror, and in some cases, function, like […]

Emotet Wi-Fi Spreader Upgraded

This is an update to an earlier article regarding the emerging cyberthreat of the Emotet Wi-Fi Spreader. Executive Summary: Binary Defense analysts previously discovered a stand-alone program for spreading Emotet infections over Wi-Fi networks. Although the spreader had been recently delivered by Emotet command and control (C2) servers, the program itself had not been changed for at […]

The Downfall of a Cyber-Criminal: “W0zniak”

Executive Summary: Binary Defense regularly monitors Darknet sites, criminal forums and other sources to find threats that may affect our clients. When our analysts found someone offering to sell backdoor access to a Managed Services Provider (MSP), we coordinated with the FBI to discover the identity of the MSP and preserve evidence. We also found […]

Emotet Evolves With New Wi-Fi Spreader

Emotet is a highly sophisticated trojan that typically also serves as a loader for other malware. A key functionality of Emotet is its ability to deliver custom modules or plugins suited for specific tasks, including stealing Outlook contacts or spreading over a LAN. Recently, Binary Defense has identified a new loader type that […]

An Updated ServHelper Tunnel Variant

James Quinn, Threat Researcher for Binary Defense. Executive Summary: Binary Defense researchers discovered active Command and Control (C2) servers and a new version of ServHelper, a malicious Remote Desktop Protocol (RDP) backdoor program known to be used by the threat group TA505. TA505 is a financially motivated threat group that has been active since at […]